CVE-2026-9803 in Keycloak信息

摘要

由 MITRE • 2026-05-28

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an ArrayIndexOutOfBoundsException, causing the server to return an HTTP 500 error and resulting in a Denial of Service (DoS) for the affected service.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

负责

Redhat

预定

2026-05-28

披露

2026-05-28

管理

已接受

条目

VDB-366582

CPE

准备好

CWE

CWE-125 (已确认)

CVSS

5.3 (CNA)

EPSS

0.00095

KEV

否

活动

非常低

来源

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-9803
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-9803
CVE Details	https://www.cvedetails.com/cve/CVE-2026-9803/

◂ 上一步一览下一步 ▸

Interested in the pricing of exploits?

See the underground prices here!